Two things: First, I understand that “free solutions” are usually worth what you pay for them, so the reference to free in my title is offered in full acknowledgment of that fact. And second, I suspect that more than zero percent of you will have no idea what a CSPM is—so, I will try to use this short blog to provide some tutorial guidance.
The free CSPM solution, of course, originates with CloudPassage, a security company I’ve admired for quite some time, both as an analyst and customer. Founded by Carson Sweet, Talli Somehk, and Vitaliy Geraymovych in 2010, CloudPassage has been a successful pioneer in cloud security and compliance ever since.
So, when I heard of CloudPassage’s planned free CSPM offering, I was excited – and here’s why: Cloud Security Posture Management (CSPM) has emerged as one of the more prescient aspects of zero trust enterprise networks. It involves the visibility, analysis, and insights required to properly manage cloud risk.
Enterprise teams have begun to move a significant portion of their application and workload capabilities into public clouds from providers such as Amazon and Microsoft. These applications and workloads are usually implemented into flexible container formats such as Docker and orchestrated using tools such as Kubernetes.
Much of the security obligation has thus shifted from the familiar firewalls, scanners, and IPS so common inside the firewall to modern CSPM tools operating in public and hybrid clouds. Unification is required across both security and compliance—and CloudPassage has been a leader in the development of platforms promoting such commonality.
A practical challenge for most enterprise teams is that CSPM is likely not part of the legacy budget. This implies that for any year-over-year (YOY) carry-over financial processes, no existing line item will be labeled CSPM. CISOs thus have the obligation to make the case—and this is not always the easiest task, especially during a pandemic.
This helps explain why I was happy to hear that CloudPassage would be helping enterprise teams make the case for CSPM without having to break the near-term budget. And with modern computing moving to cloud-resident containers, servers, and infrastructure, it’s hard to imagine an area of enterprise IT more in need of advanced security.
I recommend you visit CloudPassage’s free cloud security posture management page. Take a look at the protection features you’ll get for your cloud-hosted assets, and I suspect you’ll want to give it a test drive. And as always, I hope you’ll post your experiences with the solution so that we can all benefit from your insights.
Dr. Edward Amoroso is Chief Executive Officer of New York-based TAG Cyber, a research and advisory firm focused on enterprise cyber security. Dr. Amoroso also serves as a Distinguished Research Professor in the NYU Center for Cyber Security.